Updated dovecot packages that fix one security issue are now available forRed Hat Enterprise Linux 4, 5, and 6.

The Red Hat Security Response Team has rated this update as having moderatesecurity impact. A Common Vulnerability Scoring System (CVSS) base score,which gives a detailed severity rating, is available from the CVE link inthe References section.

Dovecot is an IMAP server for Linux, UNIX, and similar operating systems,primarily written with security in mind.

A denial of service flaw was found in the way Dovecot handled NULLcharacters in certain header names. A mail message with specially-craftedheaders could cause the Dovecot child process handling the target user'sconnection to crash, blocking them from downloading the messagesuccessfully and possibly leading to the corruption of their mailbox.(CVE-2011-1929)

Users of dovecot are advised to upgrade to these updated packages, whichcontain a backported patch to resolve this issue. After installing theupdated packages, the dovecot service will be restarted automatically.

4. Solution:

Before applying this update, make sure all previously-released erratarelevant to your system have been applied.